package eu.europa.esig.dss.validation;

import eu.europa.esig.dss.diagnostic.jaxb.XmlDiagnosticData;
import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.policy.ValidationPolicy;
import eu.europa.esig.dss.policy.ValidationPolicyFacade;
import eu.europa.esig.dss.validation.executor.certificate.CertificateProcessExecutor;
import eu.europa.esig.dss.validation.executor.certificate.DefaultCertificateProcessExecutor;
import eu.europa.esig.dss.validation.reports.CertificateReports;
import java.io.InputStream;
import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/validation/CertificateValidator.class */
public class CertificateValidator implements ProcessExecutorProvider<CertificateProcessExecutor> {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateValidator.class);
    private final CertificateToken token;
    private Date validationTime;
    private CertificateVerifier certificateVerifier;
    private TokenExtractionStrategy tokenExtractionStrategy = TokenExtractionStrategy.NONE;
    private TokenIdentifierProvider identifierProvider = new OriginalIdentifierProvider();
    private Locale locale = Locale.getDefault();
    private CertificateProcessExecutor processExecutor;

    private CertificateValidator(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "The certificate is missing");
        this.token = certificateToken;
    }

    public static CertificateValidator fromCertificate(CertificateToken certificateToken) {
        return new CertificateValidator(certificateToken);
    }

    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    public void setTokenExtractionStrategy(TokenExtractionStrategy tokenExtractionStrategy) {
        Objects.requireNonNull(tokenExtractionStrategy);
        this.tokenExtractionStrategy = tokenExtractionStrategy;
    }

    public void setTokenIdentifierProvider(TokenIdentifierProvider tokenIdentifierProvider) {
        Objects.requireNonNull(tokenIdentifierProvider);
        this.identifierProvider = tokenIdentifierProvider;
    }

    public void setValidationTime(Date date) {
        this.validationTime = date;
    }

    public void setLocale(Locale locale) {
        this.locale = locale;
    }

    private Date getValidationTime() {
        if (this.validationTime == null) {
            this.validationTime = new Date();
        }
        return this.validationTime;
    }

    public CertificateReports validate() {
        try {
            return validate(ValidationPolicyFacade.newFacade().getCertificateValidationPolicy());
        } catch (Exception e) {
            throw new DSSException("Unable to load the default policy", e);
        }
    }

    public CertificateReports validate(InputStream inputStream) {
        try {
            if (inputStream != null) {
                return validate(ValidationPolicyFacade.newFacade().getValidationPolicy(inputStream));
            }
            LOG.debug("No provided validation policy : use the default policy");
            return validate();
        } catch (Exception e) {
            throw new IllegalInputException("Unable to load the policy", e);
        }
    }

    public CertificateReports validate(ValidationPolicy validationPolicy) {
        assertConfigurationValid();
        XmlDiagnosticData diagnosticData = getDiagnosticData();
        CertificateProcessExecutor provideProcessExecutorInstance = provideProcessExecutorInstance();
        provideProcessExecutorInstance.setValidationPolicy(validationPolicy);
        provideProcessExecutorInstance.setDiagnosticData(diagnosticData);
        provideProcessExecutorInstance.setCertificateId(this.identifierProvider.getIdAsString(this.token));
        provideProcessExecutorInstance.setLocale(this.locale);
        provideProcessExecutorInstance.setCurrentTime(getValidationTime());
        return provideProcessExecutorInstance.execute();
    }

    protected void assertConfigurationValid() {
        Objects.requireNonNull(this.certificateVerifier, "CertificateVerifier is not defined");
        Objects.requireNonNull(this.token, "Certificate token is not provided to the validator");
    }

    public final XmlDiagnosticData getDiagnosticData() {
        return prepareDiagnosticDataBuilder().build();
    }

    protected ValidationContext prepareValidationContext(CertificateVerifier certificateVerifier) {
        SignatureValidationContext signatureValidationContext = new SignatureValidationContext();
        signatureValidationContext.initialize(certificateVerifier);
        signatureValidationContext.addCertificateTokenForVerification(this.token);
        signatureValidationContext.setCurrentTime(getValidationTime());
        return signatureValidationContext;
    }

    protected DiagnosticDataBuilder prepareDiagnosticDataBuilder() {
        ValidationContext prepareValidationContext = prepareValidationContext(new CertificateVerifierBuilder(this.certificateVerifier).buildCompleteCopyForValidation());
        prepareValidationContext.validate();
        return createDiagnosticDataBuilder(prepareValidationContext);
    }

    protected DiagnosticDataBuilder createDiagnosticDataBuilder(ValidationContext validationContext) {
        return new CertificateDiagnosticDataBuilder().usedCertificates(validationContext.getProcessedCertificates()).usedRevocations(validationContext.getProcessedRevocations()).allCertificateSources(validationContext.getAllCertificateSources()).defaultDigestAlgorithm(this.certificateVerifier.getDefaultDigestAlgorithm()).tokenExtractionStrategy(this.tokenExtractionStrategy).tokenIdentifierProvider(this.identifierProvider).validationDate(getValidationTime());
    }

    @Override // eu.europa.esig.dss.validation.ProcessExecutorProvider
    public void setProcessExecutor(CertificateProcessExecutor certificateProcessExecutor) {
        this.processExecutor = certificateProcessExecutor;
    }

    public CertificateProcessExecutor provideProcessExecutorInstance() {
        if (this.processExecutor == null) {
            this.processExecutor = getDefaultProcessExecutor();
        }
        return this.processExecutor;
    }

    @Override // eu.europa.esig.dss.validation.ProcessExecutorProvider
    public CertificateProcessExecutor getDefaultProcessExecutor() {
        return new DefaultCertificateProcessExecutor();
    }
}
